Video: A Network Sandbox for ICS Malware

David Atch, CyberX’s VP of Research, gave a presentation at the S4x18 conference about how we’ve developed a specialized, network-based ICS sandbox service to identify ICS malware.

The sandbox executes the malware in an environment with virtualized ICS services and files, and then looks for behaviors unique to ICS malware such as attempts to communicate via specialized ports and protocols (OPC, etc.).